import org.jsecurity.*
class StoryController {
	
	def beforeInterceptor = [action:this.&iAmOwnerOrAdmin,only:['edit','update','delete']]

    
    // the delete, save and update actions only accept POST requests
    def allowedMethods = [delete:'POST', save:'POST', update:'POST']

    def index = {
        if(!params.max) params.max = 10
        def parameters = params
        parameters.order="desc"
        parameters.sort="id"
        [ stories: Story.list( parameters ) ]
    }
    
    def filter = {
		if(!params.max) params.max = 10
		def stories = Story.executeQuery(
				"select obj from ${New.class.getName()} as obj\n inner join Tagging as t on (obj.id = t.taggable_id and t.taggable_type = ?)\n " +
				"inner join Tag as tag on t.tag_id=tag.id where tag.name = ?", [New.class.toString(), params.tag])
		render(view:"index",model:[ stories: stories])	
    }

    def show = {
        def story = Story.get( params.id )

        if(!story) {
            flash.message = "New not found with id ${params.id}"
            redirect(action:index)
        }
        else { return [ story : story ] }
    }

    def delete = {
        def story = Story.get( params.id )
        if(story) {
            story.delete()
            flash.message = "New ${params.id} deleted"
            redirect(action:index)
        }
        else {
            flash.message = "New not found with id ${params.id}"
            redirect(action:index)
        }
    }

    def edit = {
        def story = Story.get( params.id )

        if(!story) {
            flash.message = "New not found with id ${params.id}"
            redirect(action:index)
        }
        else {
            return [ story : story ]
        }
    }

    def update = {
        def story = Story.get( params.id )
        if(story) {
            story.properties = params
            story.user = currentUser()
            if(!story.hasErrors() && story.save()) {
            	story.setTags(params.tags)
                flash.message = "New ${params.id} updated"
                redirect(action:show,id:story.id)
            }
            else {
                render(view:'edit',model:[story:story])
            }
        }
        else {
            flash.message = "New not found with id ${params.id}"
            redirect(action:show,id:params.id)
        }
    }

    def create = {
        def story = new Story()
        story.properties = params
        return ['story':story]
    }

    def save = {
        def story = new Story(params)
        story.user = currentUser()
        if(!story.hasErrors() && story.save()) {
        	story.setTags(params.tags)
            flash.message = "New ${story.id} created"
            redirect(action:show,id:story.id)
        }
        else {
            render(view:'create',model:[story:story])
        }
    }
	
	def comment = { 
		def story = Story.get( params.id )
		def comment = new Comment(params)
		comment.commentableId = story.id
		comment.commentableType = story.class.getName()
		if(!comment.hasErrors() && comment.save()) {
			redirect(action:show,id:story.id)
		}else{
			render(view:'show',model:[story:story, comment:comment])
		}
    }
    
    def iAmOwnerOrAdmin = {
		def story = Story.get( params.id )
		if(story.user != currentUser()){
			redirect(action:'show', id: params.id)
			flash.error = "You are not the story owner"
            return false
		}
    }
	
	private User currentUser(){
		User.findByUsername(SecurityUtils.getSubject()?.getPrincipal())
	}
}
